Package: apt Version: 0.9.7.5 Severity: important Dear Maintainer,
When a data.tar.{gz,xz} contains a path name that is exactly 100 characters long, it will get truncated to 99 chars upon extraction in ExtractTar::Go(). It seems in older gnu tar versions (pre-wheezy) the behavior was more conservative and to use the 100 byte path field only for path names less than 100 chars long, and to switch to using long names already at 100 chars. In wheezy the behavior seems to be different and path names of exactly 100 chars long can fill the whole reserved space in the tar and then get truncated in ExtractTar::Go(): // Grab the filename if (LastLongName.empty() == false) Itm.Name = (char *)LastLongName.c_str(); else { Tar->Name[sizeof(Tar->Name)-1] = 0; Itm.Name = Tar->Name; } Quick way to reproducing the problem using a generated dummy deb package and "python-apt" is included as an attachment. -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/11 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2012.4 ii gnupg 1.4.12-4+b1 ii libapt-pkg4.12 0.9.7.5 ii libc6 2.13-35 ii libgcc1 1:4.7.1-7 ii libstdc++6 4.7.1-7 apt recommends no packages.
#! /usr/bin/python import os import apt_inst paths = [] for i in range(98,103): path = ("%03d" % i).ljust(i,"x") file(path, "w") paths.append(path) assert not os.system("tar zcf data.tar.gz %s" % " ".join(paths)) file("control.tar.gz", "w") file("debian-binary", "w") assert not os.system("ar cr test.deb data.tar.gz control.tar.gz debian-binary") def cb(a, b): print "%3d %s" % (len(a.name), a.name) apt_inst.DebFile(file("test.deb", "rb")).data.go(cb)